March of the Spamalante--How Anti-Spam Militias are Fighting the War

The Spam war is something that nearly every computer user worldwide is part of. However, few really understand just how much of a “war” this is. Like any other war where centralized, predictable, governmental bodies are unable to regulate basic transactions, vigilante bands often fill the void to promote “peace and justice.”

In the Spam war, non-governmental organizations, like www.Spamhaus.org, have become “spamalantes” that have taken matters into their own hands. Groups like Spamhaus, have created spammer and virus infection blacklists aimed at shutting alleged spammers down. While their goals are universal, their tactics present a real question of whether then ends justify the means. For their lists often unilaterally shut down any and all traffic in and out of a blacklisted IP, without any due process or oversight.

In Spamhaus’ own words: “Spamhaus is an international non-profit organization whose mission is to track the Internet's Spam Gangs, to provide dependable realtime anti-spam protection for Internet networks, to work with Law Enforcement Agencies to identify and pursue spammers worldwide, and to lobby governments for effective anti-spam legislation. Founded in 1998, Spamhaus is based in the UK and is run by a dedicated team of 18 volunteer investigators located around the world.”

The brief version of their process is: 1) the group zeroes in on a suspected spammer through a combination of complaints, traffic monitoring, and other means; 2) the group publishes an omnibus list with the IP addresses of the alleged spammers that is subscribed to by ISP’s and Host Providers such as www.ipowerweb.com; 3) when e-mail traffic is routed through the subscribing host and/or ISP servers, the server cross references the list and if the e-mail originated from a listed IP address it is rejected outright. Most disturbing is that this blacklist applies not only to “spammers,” but to computers allegedly broadcasting viruses, intentionally or unintentionally—potentially blacklisting the mass population of ordinary e-mail users with the same consequences!

With only 18 volunteers, Spamhaus’ operations are, naturally, almost entirely automated, thereby depriving a blacklisted party any real recourse, notice, or review. This is a very troubling proposition, considering the degree to which e-mail is relied on by any business from sole proprietors to multinationals. Consider the frustration and loss of business that can result if a sole proprietor import exporter’s e-mail is completely blacked out (Spamhaus does not notify the alleged spammer at all. Rather the blacklisted e-mail must be lucky enough to spot the error message referencing Spamhaus in its e-mail client.)

Today, e-mail is a basic utility like water, electricity, and heat. It must be treated like a basic utility to assure that it is not summarily interrupted. Verizon and ConEd would not simply be able to turn off your phone service and heat without some kind of notification with some explanation of the basis and the process to rectify the problem. The law has evolved in most developed nations to assure that process is a key element in the administration of utilities. In this early phase of the spam war, critical thought must be invested before simply allowing third party entities to take matters into their own hands. While I applaud Spamhaus’ motivation, the potential for abuse and gross miscalculation is too severe to do otherwise.

Kaiser Wahab